Being able to pay easy is a basic requirement these days. This functionality removes friction from the traditional online shopping process and drives conversion. It minimizes customer frustration. How to do that? This is about storing payment data.


Storing payment data is called “tokenization”. A very good explanation can be found here:

Tokenization is mostly being utilized for subscriptions where a monthly amount is debited from the consumer’s account. More and more often the seller is looking for ways to limit friction during the payment process, also for regular online purchases. And more and more often, the payment process will take place in the background, seamless, with no impact on the customer experience. Please check this article on Frankwatching about “Contextual Commerce” in which this phenomenon is described in detail (Dutch):

Tokenization follows these steps for online or mobile payments:

  1. Customers enter their name and credit card details.
  2. A payment token is requested from the payment provider.
  3. The token request is shared with the bank where the card was issued.
  4. After approval, the personal account number (PAN) is replaced by a “token”.
  5. The token is then used to complete the purchase.


Tokenization is not the same as encryption

Tokenization is not dependent on encryption to protect data. Instead of securing information via an algorithm, such as encryption, tokenization replaces the sensitive data 1-on-1 to arbitrary data. The original information is not in the token and therefore the token cannot be converted to the real data. It is just a placeholder. The sensitive payment information is completely stored in another location, such as a secure data center. This means that sensitive customer data is never stored in a merchant environment at any time, with the advantage of having no additional exposure to PCI compliance.

So if a hacker manages to break into and steal tokens, they have not stolen anything of value. Tokens cannot be used for fraudulent purposes. Furthermore, tokens cannot be reset to their original value independently of the secure platform or software by breaking an algorithm.

An example of encryption is the EMV (Europay-MasterCard-Visa) chip, which is in your bank card or credit card, and which replaced the magnetic strip on the back of the payment card years ago.

Payment service providers have their own approach to tokenization and technically there are often differences. These differences can have an impact on the success rate of your transactions and therefore your conversion. Make sure to always ask the payment service provider to technically elaborate on this functionality.